Hi Jeff, thank you for your answear. I was looking at the code, for what I understood the matching is held by the function dfvm_apply. Are there any connection beetween the structure dfilter_t and the original pcap file? I can print the value matched pretty easily.
Matteo 2014-05-27 22:39 GMT+02:00 Jeff Morriss <[email protected]>: > On 05/26/14 04:07, Matteo Pelliccia wrote: > >> Hi to all, >> maybe it's a silly question. Is it possibile to know what byte match in >> display filter expression? For example if I have a pcap file with some >> packet and I run tshark with -Y option I would like to know which bytes >> match that expression, is it possibile? >> > > Unfortunately no, not today. There's been some discussion of highlighting > the field (if not the bytes) in the GUI (there's probably a bug requesting > that) but this is the first time I've heard of it for tshark. > > ____________________________________________________________ > _______________ > Sent via: Wireshark-dev mailing list <[email protected]> > Archives: http://www.wireshark.org/lists/wireshark-dev > Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev > mailto:[email protected]?subject=unsubscribe >
___________________________________________________________________________ Sent via: Wireshark-dev mailing list <[email protected]> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:[email protected]?subject=unsubscribe
